CVE-2011-3993 - OpenCVE

SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, uses weak permissions, which allows remote authenticated users to modify files and settings via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Skyarc	Autotagging Duplicateentry Mailpack Mtcms Multifileuploader

Configuration 1 [-]

OR	cpe:2.3:a:skyarc:autotagging::::::::
	cpe:2.3:a:skyarc:duplicateentry::::::::
	cpe:2.3:a:skyarc:mailpack::::::::
	cpe:2.3:a:skyarc:mtcms::::::::
	cpe:2.3:a:skyarc:mtcms:5.2:::::::*
	cpe:2.3:a:skyarc:mtcms:5.21:::::::*
	cpe:2.3:a:skyarc:mtcms:5.22:::::::*
	cpe:2.3:a:skyarc:mtcms:5.23:::::::*
	cpe:2.3:a:skyarc:mtcms:5.24:::::::*
	cpe:2.3:a:skyarc:mtcms:5.24::enterprise:::::
	cpe:2.3:a:skyarc:mtcms:5.24::smart:::::
	cpe:2.3:a:skyarc:mtcms:5.25:::::::*
	cpe:2.3:a:skyarc:mtcms:5.25::enterprise:::::
	cpe:2.3:a:skyarc:mtcms:5.25::smart:::::
	cpe:2.3:a:skyarc:mtcms:5.251::enterprise:::::
	cpe:2.3:a:skyarc:mtcms:5.251::smart:::::
	cpe:2.3:a:skyarc:multifileuploader::::::::

No data.

References

Link	Providers
http://jvn.jp/en/jp/JVN41032068/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2011-000093
http://www.mtcms.jp/news/product/201110131921.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2011-11-03T17:00:00Z

Updated: 2024-09-16T22:25:41.565Z

Reserved: 2011-10-05T00:00:00Z

Link: CVE-2011-3993

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2011-11-03T17:55:01.780

Modified: 2011-11-16T05:00:00.000

Link: CVE-2011-3993

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, uses weak permissions, which allows remote authenticated users to modify files and settings via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-11-03T17:00:00Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"name": "JVN#41032068", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "http://jvn.jp/en/jp/JVN41032068/index.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mtcms.jp/news/product/201110131921.html"}, {"name": "JVNDB-2011-000093", "tags": ["third-party-advisory", "x_refsource_JVNDB"], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000093"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2011-3993", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, uses weak permissions, which allows remote authenticated users to modify files and settings via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "JVN#41032068", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN41032068/index.html"}, {"name": "http://www.mtcms.jp/news/product/201110131921.html", "refsource": "CONFIRM", "url": "http://www.mtcms.jp/news/product/201110131921.html"}, {"name": "JVNDB-2011-000093", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000093"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:53:32.599Z"}, "title": "CVE Program Container", "references": [{"name": "JVN#41032068", "tags": ["third-party-advisory", "x_refsource_JVN", "x_transferred"], "url": "http://jvn.jp/en/jp/JVN41032068/index.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mtcms.jp/news/product/201110131921.html"}, {"name": "JVNDB-2011-000093", "tags": ["third-party-advisory", "x_refsource_JVNDB", "x_transferred"], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000093"}]}]}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2011-3993", "datePublished": "2011-11-03T17:00:00Z", "dateReserved": "2011-10-05T00:00:00Z", "dateUpdated": "2024-09-16T22:25:41.565Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:skyarc:autotagging:*:*:*:*:*:*:*:*", "matchCriteriaId": "700A3014-4DD6-4694-A83E-C04267951C07", "versionEndIncluding": "0.08", "vulnerable": true}, {"criteria": "cpe:2.3:a:skyarc:duplicateentry:*:*:*:*:*:*:*:*", "matchCriteriaId": "943E5640-4B68-417A-B9DC-961029EBB604", "versionEndIncluding": "1.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:skyarc:mailpack:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6C36983-9CA0-4705-BBB2-77EFA831460A", "versionEndIncluding": "1.741", "vulnerable": true}, {"criteria": "cpe:2.3:a:skyarc:mtcms:*:*:*:*:*:*:*:*", "matchCriteriaId": "59C8DD6E-6645-43BC-8C62-7CBB750DB9D7", "versionEndIncluding": "5.251", "vulnerable": true}, {"criteria": "cpe:2.3:a:skyarc:mtcms:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "2D5A177C-9E80-4FBF-A443-8429142C0963", "vulnerable": true}, {"criteria": "cpe:2.3:a:skyarc:mtcms:5.21:*:*:*:*:*:*:*", "matchCriteriaId": "8A7E0117-F13D-48E5-A859-7C87C6F0FAA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:skyarc:mtcms:5.22:*:*:*:*:*:*:*", "matchCriteriaId": "B926DF53-7927-40E9-8565-F00BDFE06909", "vulnerable": true}, {"criteria": "cpe:2.3:a:skyarc:mtcms:5.23:*:*:*:*:*:*:*", "matchCriteriaId": "BE6725E4-D378-4EA6-983F-9C00A02F8B56", "vulnerable": true}, {"criteria": "cpe:2.3:a:skyarc:mtcms:5.24:*:*:*:*:*:*:*", "matchCriteriaId": "8A3CD3BC-4D14-4924-8C9D-6F9046CAB9FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:skyarc:mtcms:5.24:*:enterprise:*:*:*:*:*", "matchCriteriaId": "D17F47AC-2B96-4D1B-932F-95E6852D7217", "vulnerable": true}, {"criteria": "cpe:2.3:a:skyarc:mtcms:5.24:*:smart:*:*:*:*:*", "matchCriteriaId": "7B0CB190-C55D-4D58-9A64-A23D3C106B99", "vulnerable": true}, {"criteria": "cpe:2.3:a:skyarc:mtcms:5.25:*:*:*:*:*:*:*", "matchCriteriaId": "DC5216DB-FE4C-486D-8597-6BBE2AE0D01F", "vulnerable": true}, {"criteria": "cpe:2.3:a:skyarc:mtcms:5.25:*:enterprise:*:*:*:*:*", "matchCriteriaId": "58360AF1-8638-4B63-9655-702DFCA8F872", "vulnerable": true}, {"criteria": "cpe:2.3:a:skyarc:mtcms:5.25:*:smart:*:*:*:*:*", "matchCriteriaId": "5DBDC0FD-7679-4503-AAF2-01DD31FB1A00", "vulnerable": true}, {"criteria": "cpe:2.3:a:skyarc:mtcms:5.251:*:enterprise:*:*:*:*:*", "matchCriteriaId": "33D411B2-A032-451F-868A-4FBE2D6A0352", "vulnerable": true}, {"criteria": "cpe:2.3:a:skyarc:mtcms:5.251:*:smart:*:*:*:*:*", "matchCriteriaId": "820F9FD8-6948-4DC2-ADFF-E69CC758C6CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:skyarc:multifileuploader:*:*:*:*:*:*:*:*", "matchCriteriaId": "89E4A66A-36C7-484E-B1C5-E8CB296A679A", "versionEndIncluding": "0.44", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, uses weak permissions, which allows remote authenticated users to modify files and settings via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad en plugins SKYARC MTCMS anterior a v5.252, y en MultiFileUploader v0.44 y anteriores, DuplicateEntry v1.2 y anteriores, MailPack v1.741 y anteriores, y AutoTagging v0.08 y anteriores para Movable Type utiliza permisos d\u00e9biles, lo que permite a usuarios remotos autenticados modificar ficheros y par\u00e1metros de configuraci\u00f3n a trav\u00e9s de vectores desconocidos."}], "id": "CVE-2011-3993", "lastModified": "2011-11-16T05:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-11-03T17:55:01.780", "references": [{"source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN41032068/index.html"}, {"source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000093"}, {"source": "vultures@jpcert.or.jp", "url": "http://www.mtcms.jp/news/product/201110131921.html"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}